package com.schoolai.auth.config;

import com.schoolai.auth.service.MyAuthenticationFailureHandler;
import com.schoolai.auth.service.MyAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Copyright(C),2019-2025，XX公司
 * FileName:SecurityConfig
 * Author:bobby
 * 创建时间：2025/10/21 09:01
 * Description:安全配置类
 * History:
 * <auth>        <time>       <version>       <desc>
 * 作者          修改时间       版本号         描述
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Autowired
    MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests((authorize) -> authorize
                        .anyRequest().authenticated()
                )
                .formLogin(form ->
                        form.loginProcessingUrl("/api/login")
                                .successHandler(myAuthenticationSuccessHandler)  // 使用自定义成功处理器
                                .failureHandler(new MyAuthenticationFailureHandler())

                );
        //关闭csrf攻击防御
        http.csrf(AbstractHttpConfigurer::disable);

        return http.build();
    }
}
